[Security] Add OidcUserInfoTokenHandler and OidcUser

Author: vincentchalamon

CHANGELOG.md

@@ -1,6 +1,12 @@
 CHANGELOG
 =========
 
+6.3
+---
+
+ * Add `AttributesBasedUserProviderInterface` to allow `$attributes` optional argument on `loadUserByIdentifier`
+ * Add `OidcUser` with OIDC support for `OidcUserInfoTokenHandler`
+
 6.2
 ---
 

Tests/User/OidcUserTest.php

@@ -0,0 +1,176 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Tests\User;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\Security\Core\User\OidcUser;
+
+class OidcUserTest extends TestCase
+{
+    public function testCannotCreateUserWithoutSubProperty()
+    {
+        $this->expectException(\InvalidArgumentException::class);
+        $this->expectExceptionMessage('The "sub" claim cannot be empty.');
+
+        new OidcUser();
+    }
+
+    public function testCreateFullUserWithAdditionalClaimsUsingPositionalParameters()
+    {
+        $this->assertEquals(new OidcUser(
+            userIdentifier: 'john.doe',
+            roles: ['ROLE_USER', 'ROLE_ADMIN'],
+            sub: 'e21bf182-1538-406e-8ccb-e25a17aba39f',
+            name: 'John DOE',
+            givenName: 'John',
+            familyName: 'DOE',
+            middleName: 'Fitzgerald',
+            nickname: 'Johnny',
+            preferredUsername: 'john.doe',
+            profile: 'https://www.example.com/john-doe',
+            picture: 'https://www.example.com/pics/john-doe.jpg',
+            website: 'https://www.example.com',
+            email: '[email protected]',
+            emailVerified: true,
+            gender: 'male',
+            birthdate: '1980-05-15',
+            zoneinfo: 'Europe/Paris',
+            locale: 'fr-FR',
+            phoneNumber: '+33 (0) 6 12 34 56 78',
+            phoneNumberVerified: false,
+            address: [
+                'formatted' => '1 Rue des Moulins 75000 Paris - France',
+                'street_address' => '1 Rue des Moulins',
+                'locality' => 'Paris',
+                'region' => 'Île-de-France',
+                'postal_code' => '75000',
+                'country' => 'France',
+            ],
+            updatedAt: (new \DateTimeImmutable())->setTimestamp(1669628917),
+            additionalClaims: [
+                'impersonator' => [
+                    'username' => '[email protected]',
+                ],
+                'customId' => 12345,
+            ],
+        ), new OidcUser(...[
+            'userIdentifier' => 'john.doe',
+            'roles' => ['ROLE_USER', 'ROLE_ADMIN'],
+            'sub' => 'e21bf182-1538-406e-8ccb-e25a17aba39f',
+            'name' => 'John DOE',
+            'givenName' => 'John',
+            'familyName' => 'DOE',
+            'middleName' => 'Fitzgerald',
+            'nickname' => 'Johnny',
+            'preferredUsername' => 'john.doe',
+            'profile' => 'https://www.example.com/john-doe',
+            'picture' => 'https://www.example.com/pics/john-doe.jpg',
+            'website' => 'https://www.example.com',
+            'email' => '[email protected]',
+            'emailVerified' => true,
+            'gender' => 'male',
+            'birthdate' => '1980-05-15',
+            'zoneinfo' => 'Europe/Paris',
+            'locale' => 'fr-FR',
+            'phoneNumber' => '+33 (0) 6 12 34 56 78',
+            'phoneNumberVerified' => false,
+            'address' => [
+                'formatted' => '1 Rue des Moulins 75000 Paris - France',
+                'street_address' => '1 Rue des Moulins',
+                'locality' => 'Paris',
+                'region' => 'Île-de-France',
+                'postal_code' => '75000',
+                'country' => 'France',
+            ],
+            'updatedAt' => (new \DateTimeImmutable())->setTimestamp(1669628917),
+            'impersonator' => [
+                'username' => '[email protected]',
+            ],
+            'customId' => 12345,
+        ]));
+    }
+
+    public function testCreateFullUserWithAdditionalClaims()
+    {
+        $this->assertEquals(new OidcUser(
+            userIdentifier: 'john.doe',
+            roles: ['ROLE_USER', 'ROLE_ADMIN'],
+            sub: 'e21bf182-1538-406e-8ccb-e25a17aba39f',
+            name: 'John DOE',
+            givenName: 'John',
+            familyName: 'DOE',
+            middleName: 'Fitzgerald',
+            nickname: 'Johnny',
+            preferredUsername: 'john.doe',
+            profile: 'https://www.example.com/john-doe',
+            picture: 'https://www.example.com/pics/john-doe.jpg',
+            website: 'https://www.example.com',
+            email: '[email protected]',
+            emailVerified: true,
+            gender: 'male',
+            birthdate: '1980-05-15',
+            zoneinfo: 'Europe/Paris',
+            locale: 'fr-FR',
+            phoneNumber: '+33 (0) 6 12 34 56 78',
+            phoneNumberVerified: false,
+            address: [
+                'formatted' => '1 Rue des Moulins 75000 Paris - France',
+                'street_address' => '1 Rue des Moulins',
+                'locality' => 'Paris',
+                'region' => 'Île-de-France',
+                'postal_code' => '75000',
+                'country' => 'France',
+            ],
+            updatedAt: (new \DateTimeImmutable())->setTimestamp(1669628917),
+            additionalClaims: [
+                [
+                    'username' => '[email protected]',
+                ],
+                12345,
+            ],
+        ), new OidcUser(
+            'john.doe',
+            ['ROLE_USER', 'ROLE_ADMIN'],
+            'e21bf182-1538-406e-8ccb-e25a17aba39f',
+            'John DOE',
+            'John',
+            'DOE',
+            'Fitzgerald',
+            'Johnny',
+            'john.doe',
+            'https://www.example.com/john-doe',
+            'https://www.example.com/pics/john-doe.jpg',
+            'https://www.example.com',
+            '[email protected]',
+            true,
+            'male',
+            '1980-05-15',
+            'Europe/Paris',
+            'fr-FR',
+            '+33 (0) 6 12 34 56 78',
+            false,
+            [
+                'formatted' => '1 Rue des Moulins 75000 Paris - France',
+                'street_address' => '1 Rue des Moulins',
+                'locality' => 'Paris',
+                'region' => 'Île-de-France',
+                'postal_code' => '75000',
+                'country' => 'France',
+            ],
+            (new \DateTimeImmutable())->setTimestamp(1669628917),
+            [
+                'username' => '[email protected]',
+            ],
+            12345
+        ));
+    }
+}

User/AttributesBasedUserProviderInterface.php

@@ -0,0 +1,32 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\User;
+
+use Symfony\Component\Security\Core\Exception\UserNotFoundException;
+
+/**
+ * Overrides UserProviderInterface to add an "attributes" argument on loadUserByIdentifier.
+ * This is particularly useful with self-contained access tokens.
+ *
+ * @experimental
+ */
+interface AttributesBasedUserProviderInterface extends UserProviderInterface
+{
+    /**
+     * Loads the user for the given user identifier (e.g. username or email) and attributes.
+     *
+     * This method must throw UserNotFoundException if the user is not found.
+     *
+     * @throws UserNotFoundException
+     */
+    public function loadUserByIdentifier(string $identifier, array $attributes = []): UserInterface;
+}